Source address selection problems

To: debian-ipv6@lists.debian.org
Subject: Source address selection problems
From: Dominic Hargreaves <dom@earth.li>
Date: Thu, 24 Mar 2005 13:15:42 +0000
Message-id: <[🔎] 20050324131542.GA29340@urchin.earth.li>

Hi,

I have a machine with multiple IPv6 addresses (all in the same prefix)
assigned to its main network interface (eth0). This works fine, apart
from the binding of source addresses for outgoing connections on this
machine.

Under IPv4, one would typically set this up with interface aliases:

ifconfig eth0 my.main.ip
ifconfig eth0:foo my.foo.service.ip

And so on. In this case, my.main.ip would be used as the source address
for outgoing connections over that interface. With IPv6, this doesn't
seem to be possible, despite some contradictory information from the
iproute manual. For example, from Appendix A: "IPv6 searches for the
first valid, not deprecated address with the same scope as the
destination. However:

dom@urchin:~$ ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> qlen 1000
    inet6 fe80::2e0:18ff:fe07:c2b7/64 scope link
    inet6 2001:1b40:0:1000:c1c9:c849:0:1/64 scope global
    inet6 2001:1b40:0:1000:c1c9:c849:103:e801/64 scope global

dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:103:e801

Furthermore, adding routes with explicit "src" options does not work as
advertised (in sec 7.1 of the iproute manual):

dom@urchin:~$ ip -6 ro |grep 2000
dom@urchin:~$ ip -6 ro |grep default
unreachable default dev lo  proto none  metric -1  error -101
dom@urchin:~$ sudo ip -6 ro add 2000::/3 via 2001:1b40:0:1000::1 src 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ ip -6 ro get 2001:200:0:8002:203:47ff:fea5:3085
2001:200:0:8002:203:47ff:fea5:3085 via 2001:1b40:0:1000::1 dev eth0  src 2001:1b40:0:1000:c1c9:c849:103:e801  metric 1024  mtu 1500 advmss 1440

Lastly, section 5.3 of the iproute manual claims that "an IP address
becomes secondary if another address with the same prefix bits already
exists" (and that a secondary address is not used when selecting the
default source address of outgoing packets.

Howver:

dom@urchin:~$ ip -6 addr show dev eth0 primary
2: eth0: <BROADCAST,MULTICAST,UP> qlen 1000
    inet6 fe80::2e0:18ff:fe07:c2b7/64 scope link 
    inet6 2001:1b40:0:1000:c1c9:c849:0:1/64 scope global 
    inet6 2001:1b40:0:1000:c1c9:c849:103:e801/64 scope global 
dom@urchin:~$ ip -6 addr show dev eth0 secondary

Some further points:

- If I add a third address to the interface, that gets used instead;
  I would guess that the last address is always used
  (rather than the first). 
- Assigning extra addresses with labels such as eth0:foo makes no
  difference.

Further weird behaviour:

dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0103:e801/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0200:d001/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:103:e801
dom@urchin:~$ sudo ip addr del 2001:1b40:0:1000:c1c9:c849:0103:e801/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:200:d001
dom@urchin:~$ sudo ip addr del 2001:1b40:0:1000:c1c9:c849:0200:d001/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0200:d001/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:0:1
dom@urchin:~$ sudo ip addr add 2001:1b40:0:1000:c1c9:c849:0103:e801/64 dev eth0
dom@urchin:~$ lynx -dump www.kame.net|grep "you are using IPv6"
   you are using IPv6, from 2001:1b40:0:1000:c1c9:c849:200:d001

Which is inconsistent, at best!

This is a Debian woody system with a vanilla 2.4.29-rc2 kernel. The same
behaviour is apparent on a Debian sarge system with a vanilla 2.4.29
kernel.

Is anyone able to unravel this mess and provide any suggestions as to what's
going on or how to fix it?

Cheers,

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to:

Follow-Ups:
- Re: Source address selection problems
  - From: Paul.Hampson@anu.edu.au (Paul Hampson)

Prev by Date: free movies films gratuit
Next by Date: Re: Download IPv6-Module
Previous by thread: free movies films gratuit
Next by thread: Re: Source address selection problems
Index(es):
- Date
- Thread